CVE-2012-4513

high

Description

khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.

References

http://www.securitytracker.com/id?1027709

http://www.openwall.com/lists/oss-security/2012/10/30/6

http://www.openwall.com/lists/oss-security/2012/10/11/11

http://secunia.com/advisories/51145

http://secunia.com/advisories/51097

http://rhn.redhat.com/errata/RHSA-2012-1418.html

http://rhn.redhat.com/errata/RHSA-2012-1416.html

http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=1f8b1b034ccf1713a5d123a4c327290f86d17d53

http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html

Details

Source: Mitre, NVD

Published: 2012-11-11

Updated: 2012-11-12

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Severity: High